October 2024
Flexera One introduced the following new features and enhancements this month.
Automation
Automation released the following feature in October 2024.
Audit tracking for Automation policy template
This feature is available for Automation.
The Automation Templates (Automation > Templates) page was updated to include the new Automation Policy API. Now user activity such as uploading, updating, and deleting policy templates is recorded. These user activity events can be audited through the IAM Events Types API.
IT Asset Management
IT Asset Management released the following features and enhancements in October 2024.
Microsoft Azure adapter supports certificate-based authentication
This feature is available with IT Asset Management.
In addition to supporting application key authentication, the Microsoft Azure adapter has been extended to now support certificate-based authentication.
Prior to this change, the Microsoft Azure adapter was limited to using service principals for connecting to Microsoft Azure. This limitation caused numerous issues such as a requirement to rotate service principal access keys when someone departed an organization, increased overhead in managing access keys, and security risk of keys being linked.
From this release, by way of certificate-based authentication, the Microsoft Azure adapter can use managed identities for Microsoft Azure resources as a more secure way for authentication. Managed identities for Azure resources provide Microsoft Azure services with an automatically managed identity in Azure Active Directory. This identity can be used to authenticate to any service that supports Microsoft Azure Active Directory authentication, without having credentials in the code.
Before you can configure the Microsoft Azure adapter to use certificate-based authentication, you first need to create a self-signed certificate, import the certificate, and then upload the certificate to the Microsoft Azure Portal. For steps on how to complete this process, see Certificate-based authentication prerequisites and Setting Up in the IT Asset Management Inventory Adapters user guide. For more information on certificate-based authentication, see Overview of Microsoft Entra certificate-based authentication in the Microsoft Entra Help.
Enhanced software discovery for Unix-like platforms using running process tracking
This feature is available with IT Asset Management.
Previously, software discovery on Unix-like platforms was inefficient and imprecise, with traditional scans generating excessive irrelevant file evidence. This led to poor visibility, identifying only about 10% of installed software, and required manual identification as the only alternative.
In this release, a new approach to software discovery on Unix-like platforms has been introduced to tackle the inefficiencies of traditional scanning methods. This approach uses running process tracking to identify installed software on Unix-like platforms, building a cache to validate and report software paths, thereby reducing irrelevant data collection. This new feature significantly improves the accuracy and relevance of software identification.
For more information, see the following topics:
-
New FlexNet Inventory Agent preferences: PerformUnixSoftwareProcessScan and ExcludeUnixSoftwareProcessDirectory in the Gathering FlexNet Inventory
-
Evidence Tab: File Evidence in the Help.
Updated tables: SoftwareFile, ImportedInstalledFileEvidence, and InstalledFileEvidence in the Database Schema Reference.
New support for Podman inventory on Linux
This feature is available with IT Asset Management.
Podman has emerged as the industry standard for container management, replacing Docker on many servers, including those running Red Hat Enterprise Linux.
The FlexNet Inventory Agent now supports inventory collection from Podman on Linux. This new feature ensures comprehensive inventory management and aligns with the industry shift towards Podman, particularly in environments like OpenShift where Podman serves as the underlying container runtime.
Visibility of your Podman containers is disabled by default. To enable Podman inventory and running inventory agent inside Podman containers, go to the Inventory Settings page (Data Collection > IT Assets Inventory Tasks > Inventory Settings) and select the corresponding checkbox in the Container scanning section.
As Podman is designed to be user-centric with containers managed on a per-user basis, each user has their own set of containers and other users cannot access or manage them. Therefore, the Podman monitor requires root privileges to collect containers and image inventory from all users using Podman on the system. If your FlexNet Inventory Agent is operating in the Least Privilege Operation Mode, you need to grant root privileges to the Podman monitor by adding /opt/managesoft/libexec/fnms-podman-monitor to the Cmnd_Alias FLEXERA command alias in the sudoers file /etc/sudoers.d/flexera. For a sample sudoers file, see Agent Third-Party Deployment: Sample Sudoers File.
For more information, see the following topics in the Gathering FlexNet Inventory:
-
New FlexNet Inventory Agent preference PerformPodmanInventoryScan.
-
Updated FlexNet Inventory Agent preferences ExcludeDirectory and ExcludeEmbedFileContentDirectory, where the default behavior on Linux platforms has changed.
-
Agent Third-Party Deployment: Least Privilege Operation Mode.
View Terminated status for Microsoft Azure short-lived cloud instances
This enhancement is available with IT Asset Management.
From this release, Microsoft Azure hosted short-lived cloud instances imported into IT Asset Management by way of a locally installed agent, but not reported by the Microsoft Azure adapter, will now be marked as Terminated in the Last known state column on the Cloud Service Provider Inventory page.
There are cases when short-lived cloud instances are not reported by the Microsoft Azure adapter as these instances may have been removed from the Microsoft Azure portal due to auto scaling created by the Virtual Machine Scale set. Prior to this release, short-lived cloud instance inventory data imported into IT Asset Management by the FlexNet Inventory Agent, lead to a massive increase in the number of short-lived cloud instances that were able to consume a license.
In such cases when the instance is not reported from the Microsoft Azure adapter, short-lived cloud instance inventory data imported into IT Asset Management by the FlexNet Inventory Agent will now automatically be marked as Terminated and have no future impact on license consumption calculations. In addition, a new column called Scaleset name which states the name of the virtual machine scale set that the instance belongs to has been added to Cloud Service Provider Inventory page.
In total, there are six scenarios which determine the status of the Last known state column on the Cloud Service Provider Inventory page, three of which will result in a Terminated status. The table below details six data import cases and their corresponding outcomes.
| Data import cases | Outcome |
|---|---|
| Short-lived cloud instance inventory data reported by both the FlexNet Inventory Agent, and Microsoft Azure adapter. | Normal behavior as it is now. |
| Short-lived cloud instance inventory data reported by the FlexNet Inventory Agent, but not reported by the Microsoft Azure adapter. | Only instance inventory data reported by the FlexNet Inventory Agent for subscriptions managed by the Microsoft Azure adapter is marked as Terminated in the Last known state column. |
| Short-lived cloud instance inventory data reported by the FlexNet Inventory Agent, but the Microsoft Azure adapter has not been configured. | Normal behavior as it is now. |
| Short-lived cloud instance inventory data is not reported by either source. | Marked as Terminated in the Last known state column. |
| Short-lived cloud instance inventory data is reported by both sources, but previously marked as Terminated . | Normal behavior as it is now. |
| Short-lived cloud instance inventory data is reported by the FlexNet Inventory Agent, but previously marked as Terminated . | Marked as Terminated in the Last known state column. |
For more information about inventory gathered from cloud service providers (AWS, Microsoft Azure, Google Cloud instances), see Cloud Service provider Inventory in the Help.
IT Asset Management Data API documentation URL change
This enhancement is available with IT Asset Management.
From September 9, 2024, the website address (URL) for the IT Asset Management Data API documentation changed:
-
Old URL—https://docs.flexera.com/FlexeraOneAPI/ITAMDataAPI/
-
New URL as of September 9 2024—https://developer.flexera.com/docs/api/fnms/v1.
For customers who have bookmarked the IT Asset Management Data API documentation, please update your bookmark settings.
Note that you may not be able to access the current URL during the transition time. In that case, you may be able to access the new URL (https://developer.flexera.com/docs/api/fnms/v1).
FlexNet Inventory Agent version 22.4.0 changes
This enhancement is available with IT Asset Management.
See FlexNet Inventory Agent version 22.4.0 changes
Inventory Beacon 22.4.0 changes
This enhancement is available with IT Asset Management.
See Inventory Beacon 22.4.0 changes
IT Visibility
IT Visibility released the following feature in October 2024.
Support for file evidence from ADDM data source in IT Visibility with Technology Intelligence Platform
This feature is available with IT Visibility.
Flexera One has added support for file evidence for customers using BMC Atrium Discovery and Dependency Mapping (ADDM) as an inventory data source. File evidence is an evidence type for software inventory. It indicates evidence in the form of a file that is found on a computer—it might simply be the name of the file, or the information found within the file.
The software assets in ADDM can now be recognized using the file evidence properties such as file name, product name, product version, and so on.
With this feature, the inventory data sources that support file evidence includes the following:
-
BMC Atrium Discovery and Dependency Mapping (ADDM)
-
Data Platform Extractors
-
Flexera Inventory
-
IBM License Metric Tool (ILMT)
-
Microsoft System Center Configuration Manager (SCCM)
You will now see changes in the software and hardware dashboards showing data from ADDM being recognized from file evidence.
Platform
The Flexera One Platform released the following feature in October 2024.
Enhancements to allow MSPs to easily verify their child orgs’ domains
This feature is available with the MSP Customer endpoint of the Identity and Access Management API and provided for MSPs.
Managed Service Providers (MSPs) create numerous child orgs, each with their own SSO configuration. The Identity and Access Management API has been enhanced to provide MSPs, when granted the msp capability, with an option to verify the Identity Provider Domain for their customers as long as the child org SSO base domain matches the parent org domain. In this way, child orgs with the same domain can be onboarded along with the parent org. For more information, see the MSP Customer endpoint of the IAM API.